LDAPS connection fails (LDAP was working)

  • Versions used : Developer Edition - Version 9.9.3 (build 79811) On premise.

  • Error observed :
    After changing the LDAP config in sonar.properties, the server does not start when the LDAP connection is set to LDAPS on port 3269 (with LDAP it works well).
    Error is : LDAP realm failed to start: Unable to open LDAP connection

  • What I did :
    – Certificate was added to the Java truststore (visible in the log below).
    – For testing LDAPS access, the same config (URL & credentials) used in a Python script works well from the same server.
    – I had a look at similar topics in the community but I found nothing that solved my problem.

  • web.log in debug mode gives (full log available, but it contains too much sensitive information to attach here; please ask if needed):

2024.06.24 07:55:52 DEBUG web[][o.s.c.p.PriorityBeanFactory] Autowiring by type from bean name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.auth.ldap.LdapRealm' via constructor to bean named 'Configuration'
2024.06.24 07:55:52 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=OU=Individual,OU=GVA,OU=40-User Accounts,DC=geneva,DC=vitol,DC=com, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2024.06.24 07:55:52 INFO  web[][o.s.a.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2024.06.24 07:55:52 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=svc-Sonar-GVA,OU=Misc,OU=GVA,OU=40-User Accounts,DC=geneva,DC=vitol,DC=com, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://vitol.com:3269, java.naming.security.authentication=simple}
2024.06.24 07:55:52 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:4b00012dfb3259996cdd72809d000100012dfb, Subject:CN=vitol-ZRHSCA-CA, DC=vitol, DC=com, Issuer:CN=vitol-LDNRCA-CA, DC=vitol, DC=com, Key type:RSA, Length:2048, Cert Id:-1421961910, Valid from:4/20/23, 1:24 PM, Valid until:4/18/28, 1:24 PM
2024.06.24 07:55:52 DEBUG web[][jdk.event.security] ValidationChain: -1890167577, -1421961910, -128299600
2024.06.24 07:55:52 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
2024.06.24 07:55:52 WARN  web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.ws.WebServiceEngine': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.ws.AuthenticationWs': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.ws.LoginAction': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.CredentialsAuthentication': Unsatisfied dependency expressed through constructor parameter 4; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.LdapCredentialsAuthentication': Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.auth.ldap.LdapRealm': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.auth.ldap.LdapRealm]: Constructor threw 
exception; nested exception is org.sonar.auth.ldap.LdapException: LDAP realm failed to start: Unable to open LDAP connection
2024.06.24 07:55:52 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.ws.WebServiceEngine': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.ws.AuthenticationWs': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.ws.LoginAction': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.CredentialsAuthentication': Unsatisfied dependency expressed through constructor parameter 4; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.server.authentication.LdapCredentialsAuthentication': Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@659e0bfd-org.sonar.auth.ldap.LdapRealm': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.auth.ldap.LdapRealm]: Constructor threw exception; nested exception is org.sonar.auth.ldap.LdapException: LDAP realm failed to start: Unable to open LDAP connection
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:800)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:229)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1372)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1222)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:920)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:187)
	at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:80)
	at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:657)
	at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:196)
	at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:177)
	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:344)
	at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:105)
	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:328)
	at java.base/java.lang.Thread.run(Thread.java:833)

After further investigation on my side, this could be linked to a certificate issue.

Please don’t spend time on this issue. I will continue to work on it and I will update this issue accordingly.

Thanks

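A stand-alone handshake check for the situation described in the post, added here as an example; it is not part of the original post and not SonarQube code. It opens a TLS connection with the JVM's default truststore and LDAPS endpoint identification, so the TLS-level cause hidden behind "Unable to open LDAP connection" is printed. The class name `LdapsHandshakeCheck` and its two command-line arguments are assumptions.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name). Run it with the same JVM and the
// same -Djavax.net.ssl.trustStore settings as the SonarQube web process:
//   java LdapsHandshakeCheck <host> <port>
public class LdapsHandshakeCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsHandshakeCheck <host> <port>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            // Besides chain validation against the truststore, check that the
            // certificate names match the host given on the command line.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws on trust or name-check failure
            System.out.println("Handshake OK: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("Subject: " + x.getSubjectX500Principal());
                System.out.println("  Issuer:      " + x.getIssuerX500Principal());
                System.out.println("  SANs:        " + x.getSubjectAlternativeNames());
                System.out.println("  Valid until: " + x.getNotAfter());
            }
        } catch (SSLException e) {
            // Walk the cause chain: the innermost message says whether the
            // chain was untrusted, expired, or the name did not match.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.out.println("Caused by: " + t);
            }
            System.exit(1);
        }
    }
}
```

Pass the host and port exactly as they appear in `java.naming.provider.url`, since the name check compares the certificate against that host string.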